In most organizations, it is common for both the CISO and CIO to have responsibilities around cybersecurity—an issue increasingly pivotal to the effective running of any modern business. Clear, defined cybersecurity ownership can prove integral to successful organizational security positioning.
A recent ISACA survey of almost 3,700 global cybersecurity professionals found that while almost half (48%) of cybersecurity teams report directly into a CISO, one in four reports to the CIO. Despite the variation in reporting relationships, the survey revealed no significant differences regarding security function ownership between the CISO or CIO relating to views on increased or decreased cyberattacks, the ability to detect and respond to cyberthreats, and cybercrime reporting.
